<?php
#include_once ("../../db_connect.php");
#include_once("form.class.php");
#include_once("user.class.php");

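/**
 * Answers authorization questions (screen access per security profile) by
 * querying the screens, screens_profiles, usuarios and security_profiles tables.
 *
 * Every query here is assembled by string concatenation and passed to
 * DataBase::ExecuteScalar(), so each value is validated before it reaches the
 * SQL text and the lookup fails closed (returns false) when validation fails.
 *
 * NOTE(review): bound parameters are the proper fix. The DataBase API is not
 * visible from this file, so the checks below are a stopgap; switch to
 * placeholders if DataBase supports them.
 */
class SecurityManager {

	# PHP 4-style constructor, kept so existing callers are unaffected; it does nothing.
	function SecurityManager(){
	#	$this->profileId = $this->getProfileId;
	}

	/**
	 * Accepts a value only if it can be concatenated into SQL as a bare integer.
	 *
	 * @param mixed $value Candidate id (caller-supplied or read back from the database).
	 * @return int|string|false The value unchanged when it is an int or a
	 *         digits-only string, false otherwise.
	 */
	function _sqlId($value) {
		if (is_int($value)) {
			return $value;
		}
		# \A and \z anchor the whole string, so a trailing newline is rejected too.
		if (is_string($value) && preg_match('/\A[0-9]+\z/', $value)) {
			return $value;
		}
		return false;
	}

	/**
	 * Accepts a path only if it cannot terminate a single-quoted SQL literal.
	 *
	 * Allowed: printable ASCII except the single quote (0x27) and the
	 * backslash (0x5C). Anything else, including non-ASCII bytes, is rejected.
	 *
	 * @param mixed $path Candidate screen path.
	 * @return string|false The path unchanged, or false when it is rejected.
	 */
	function _sqlPath($path) {
		if (is_string($path) && preg_match('/\A[\x20-\x26\x28-\x5B\x5D-\x7E]+\z/', $path)) {
			return $path;
		}
		return false;
	}

	/**
	 * Tells whether the security profile of a user is linked to a screen.
	 *
	 * @param int|string $user_id Id of the user in the usuarios table.
	 * @param string $path Path of the screen as stored in screens.path.
	 * @return mixed Result of DataBase::ExecuteScalar() for the link row, or
	 *         false when either id cannot be resolved to an integer.
	 */
	function userHasPrivileges($user_id, $path) {
		# The looked-up ids are concatenated into the next query, so they are
		# validated as well. A missing user or screen would otherwise yield
		# malformed SQL ("screenid =  AND ...") instead of a plain denial.
		$profileId = $this->_sqlId($this->getProfileId($user_id));
		if ($profileId === false) {
			return false;
		}
		$screenId = $this->_sqlId($this->getScreenId($path));
		if ($screenId === false) {
			return false;
		}

		$sql = "SELECT 1 FROM screens_profiles where screenid = ".$screenId." AND profileid = ".$profileId;
		return DataBase::ExecuteScalar($sql);
	}

	/**
	 * Looks up the id of the screen registered under a path.
	 *
	 * @param string $path Path of the screen.
	 * @return mixed Result of DataBase::ExecuteScalar(), or false when the
	 *         path contains characters that are not allowed in the query.
	 */
	function getScreenId($path){
		$safePath = $this->_sqlPath($path);
		if ($safePath === false) {
			return false;
		}
		$sql = "SELECT id FROM screens WHERE path ='$safePath'";
		return DataBase::ExecuteScalar($sql);
	}

	/**
	 * Looks up the security profile assigned to a user.
	 *
	 * @param int|string $user_id Id of the user in the usuarios table.
	 * @return mixed Result of DataBase::ExecuteScalar(), or false when
	 *         $user_id is not an integer.
	 */
	function getProfileId($user_id){
		$safeId = $this->_sqlId($user_id);
		if ($safeId === false) {
			return false;
		}
		$sql = "SELECT security_profile FROM usuarios WHERE id =".$safeId;
		return DataBase::ExecuteScalar($sql);
	}

	/**
	 * Looks up the display name of a security profile.
	 *
	 * @param int|string $profileID Id of the profile in security_profiles.
	 * @return mixed Result of DataBase::ExecuteScalar(), or false when
	 *         $profileID is not an integer.
	 */
	function getProfileName($profileID){
		$safeId = $this->_sqlId($profileID);
		if ($safeId === false) {
			return false;
		}
		$sql = "SELECT nombre FROM security_profiles WHERE id=".$safeId;
		return DataBase::ExecuteScalar($sql);
	}

} #SecurityManager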

#testing...
#$user = new User("rodrigo", "rodrigo");
#$sm = new SecurityManager();
#$sm->userHasPrivileges($user,'/mayanAdventures/panel/admin/agencias.php');
#if($sm->userHasPrivileges($user,'/mayanAdventures/panel/admin/agencias.php'))
#	echo "true";
#else
#	echo "false"
#$list = $myGM->getGroupsList("2007-06-18");
#print_r($list);
?>